Security Policy

General Security

Security is of utmost importance for our business and credibility. This is why the tooleybook application was built using the highest development standards with regards to security. The tooleybook tech team as well as our web hosting service keep a close eye on server status, potential issues and activity logs. Additionally, security updates are applied as soon as they are made available. As a result, server instability or malfunctions as well as system attacks and intrusions are thwarted as much as possible. Finally, as soon as one of our servers does not respond, we are automatically alerted by email and SMS through an external surveillance service.

Physical Security

Tooleybook servers are protected from would-be hackers by a strong firewall. This firewall is a physical Gateway that stands between our Internet connection and the servers.

Software Security

All application security patches are continuously applied on our servers. Regular security updates are applied as soon as they are made available. Third-party software updates are also applied as soon as they are made available.

Data Security

All client data is replicated to a failover server, on an hourly basis. Additionally, every night, all client data is backed up on an external host in the event our primary hosting service should incur total failure. Tooleybook processes a SSL certificate from a Secure Certification Authority. All clients access tooleybook through a 256 bit SSL encrypted connection.

In case of a security breach

Should we become aware of a security breach and that data has been accessed without authorization, Tooleybook will contact the affected persons and/or businesses without delay. Furthermore, Tooleybook will do everything in its power to remedy the situation and prevent its further occurrence. This could provoke a short downtime on the servers in order to protect client data while we implement corrective measures. We have never been hacked.


Tooleybook makes every effort to preserve the privacy of the information its servers contains. Tooleybook will never sell, share or publish its clients' data. Tooleybook will never share or sell email addresses with third parties. All file attachments are located in a secure zone of the servers that is only accessible to users configured in the account to whom the files belong. Any other Tooleybook user or unauthorized visitor cannot access these files. When a client closes his/her Tooleybook account, the account data is deleted permanently from the servers. However, since all client data is backed-up daily and kept for 30 days, this data can be recovered from the external backup media. Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Web site.


Please report any questions or concerns to the following